Static
Recent
posthypercapitalism (2): nonlinear complexity
posthypercapitalism (1): rorschach effect
holiday timeout
customizing navigation in Plone3
rewrite, or refactor?
autonomo.us cloud computing
the end of paper maps?
host-proof hosting
green is hip: from ego to eco
Tags
trust in XFN social graphs
Tuesday, March 4. 2008
XFN is vulnerable to relationship injection attacks, as discussed earlier here and there
and elsewhere. Summary: If I create a malicious page and put a rel="me" link to your page, your XFN "identity" contains my malicious page and is therefore compromised. The same holds true for links to other people.
We can arm ourselves against such an attack by requiring that all links are bidirectional, i.e. reciprocated. This is, in practice, too burdensome. If you have 10 pages, you'd have to link to all 10 pages from all 10 pages to truly establish identity. If you have 20 friends with 10 pages each, they'd have to put all your 10 pages on all their 10 pages. And everyone would have to do that for everyone.
Continue reading "trust in XFN social graphs"
Quicksearch
Structure
Powered by
Guido A.J. Stevens is internet entrepreneur. He holds an MBA and is co-founder and managing director of NFG Net Facilities Group: innovative open source internet solutions.
